Product:

Http_server

(Apache)
Repositories https://github.com/apache/httpd
#Vulnerabilities 287
Date Id Summary Products Score Patch Annotated
2021-06-10 CVE-2020-13938 Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows Http_server, Epolicy_orchestrator, Cloud_backup 5.5
2021-06-10 CVE-2020-13950 Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit 7.5
2021-06-10 CVE-2020-35452 Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit 7.3
2021-06-10 CVE-2021-26690 Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit 7.5
2021-06-10 CVE-2021-26691 In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow Http_server, Debian_linux, Fedora, Cloud_backup, Enterprise_manager_ops_center, Instantis_enterprisetrack, Secure_backup, Zfs_storage_appliance_kit 9.8
2021-06-10 CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit 5.3
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. Http_server, Fedora, Secure_backup, Zfs_storage_appliance_kit, Tenable\.sc 7.5
2021-09-16 CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc 7.5
2021-09-16 CVE-2021-36160 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit 7.5
2021-09-16 CVE-2021-39275 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. Http_server, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Http_server, Instantis_enterprisetrack, Zfs_storage_appliance_kit, Sinec_nms, Sinema_server 9.8